Skip to content

Blur Integration #371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhoujia6139 wants to merge 42 commits into
base: main
Choose a base branch
from
Open

Blur Integration #371

zhoujia6139 wants to merge 42 commits into from

Conversation

@zhoujia6139
Copy link
Contributor

@zhoujia6139 zhoujia6139 commented Apr 15, 2023

Security Checklist

  • 1. Re-Entrancy
  • 2. Arithmetic Over/Under Flows
  • 3. Unexpected Ether
  • 4. Delegatecall
  • 5. Default Visibilities
  • 6. Entropy Illusion
  • 7. External Contract Referencing
  • 8. Short Address/Parameter Attack (off chain)
  • 9. Unchecked CALL Return Values
  • 10. Race Conditions / Front Running
  • 11. Denial Of Service (DOS)
  • 12. Block Timestamp Manipulation
  • 13. Constructors with Care
  • 14. Uninitialized Storage Pointers
  • 15. Floating Points and Precision
  • 16. Tx.Origin Authentication
  • 17. Address.isContract Re-Entrancy via Constructor

⚠️ NOTES ⚠️

Make sure to think about each of these exploits in this PR.

@zhoujia6139 zhoujia6139 requested a review from a team as a code owner April 15, 2023 03:56
@zhoujia6139 zhoujia6139 marked this pull request as draft April 15, 2023 03:57
@zhoujia6139 zhoujia6139 marked this pull request as ready for review April 17, 2023 13:33
i5possible
i5possible reviewed Apr 18, 2023
View reviewed changes
WalidOfNow
WalidOfNow reviewed Apr 20, 2023
View reviewed changes
contracts/protocol/pool/PoolParameters.sol
}

/// @inheritdoc IPoolParameters
function enableBlurExchange() external onlyPoolAdmin {
Copy link
Contributor

@WalidOfNow WalidOfNow Apr 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest using different names for these. as we are not really enabling the actual exchange

Copy link
Contributor

@WalidOfNow WalidOfNow Apr 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

enableBlurIntegration?

contracts/protocol/libraries/logic/PoolExtendedLogic.sol Outdated
request.borrowAmount,
timeLockParams
);
IWETH(weth).withdraw(request.borrowAmount);
Copy link
Contributor

@WalidOfNow WalidOfNow Apr 20, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't we transfer weth directly? might save us one transfer

0x8f701
0x8f701 reviewed Apr 21, 2023
View reviewed changes
WalidOfNow
WalidOfNow reviewed Apr 24, 2023
View reviewed changes
jefmono
jefmono reviewed Apr 25, 2023
View reviewed changes
jefmono
jefmono reviewed Apr 25, 2023
View reviewed changes
billyz9611
billyz9611 reviewed May 29, 2023
View reviewed changes
contracts/protocol/libraries/types/DataTypes.sol
// currency token. address(0) means ETH
address paymentToken;
// cash amount from user wallet
uint256 listingPrice;
Copy link

@billyz9611 billyz9611 Apr 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is cash amount ? or listing price?

contracts/protocol/libraries/logic/PoolExtendedLogic.sol Outdated
Errors.INVALID_REQUEST_STATUS
);

address keeper = ps._blurExchangeKeeper;
Copy link

@billyz9611 billyz9611 Apr 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could we not to check “msg.sender == keeper” to save some gas.

contracts/protocol/libraries/logic/PoolExtendedLogic.sol Outdated
address nTokenAddress = nftReserve.xTokenAddress;
// no time lock needed here
DataTypes.TimeLockParams memory timeLockParams;
(, uint64 collateralizedBalance) = INToken(nTokenAddress).burn(
Copy link

@billyz9611 billyz9611 Apr 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the nToken is in auction , will revert.

contracts/protocol/libraries/logic/ValidationLogic.sol Outdated
.getParams();
// ensure user can't borrow/withdraw with the new mint nToken
require(
request.listingPrice >= floorPrice.percentMul(liquidationThreshold),
Copy link

@billyz9611 billyz9611 Apr 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. user init buy from blur which have high boost token id (set require.listingprice = nToken floor price * LS)
  2. user get more borrow limit : nToken floor price * boost *LTV - nToken floor price * LS
  3. user can borrow more money.

contracts/protocol/libraries/logic/PoolExtendedLogic.sol Outdated

//mint debt token
if (totalBorrow > 0) {
BorrowLogic.executeBorrow(
Copy link

@billyz9611 billyz9611 May 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do transferUnderlyingTo before executeBorrow ? since the borrow use rate is not correct in updateInterestRates now.
borrow use rate = total debt / (balance (pToken contract) + total debt)
balance (pToken contract) should subtract the totalBorrow

billyz9611
billyz9611 reviewed May 30, 2023
View reviewed changes
contracts/protocol/libraries/logic/PoolExtendedLogic.sol Outdated
request.tokenId
);

return request.listingPrice + requestFee - request.borrowAmount;
Copy link

@billyz9611 billyz9611 May 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we save some gas if calculate needCashETH first and sent into validateInitiateBlurExchangeRequest ?

@zhoujia6139
chore: merge main
bbb3453
@zhoujia6139
chore: fix deploy script
db11144
@zhoujia6139
Accept underlying bids from Blur (#390)
43cb9a8 
* chore: basic implementation for BLUR sell

* chore: fix typo

* chore: check ape pair staking and gas optimization

* chore: check owner and fix interest rate issue

* chore: keeper fulfill request with ETH

* chore: fix updating wrong status

* chore: forbid initiate request for uniswapV3 and stakeFish
@zhoujia6139
chore: add izumi check in case got forgotten
de597f3
@zhoujia6139
chore: some optimization
88741a0
@zhoujia6139
chore: fix typo and test case(break since market config change)
877e67f
@zhoujia6139
chore: some small optimization
1d71b6f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

5 more reviewers

@WalidOfNow WalidOfNow WalidOfNow left review comments

@i5possible i5possible i5possible left review comments

@billyz9611 billyz9611 billyz9611 left review comments

@0x8f701 0x8f701 0x8f701 left review comments

@jefmono jefmono jefmono left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@zhoujia6139 @WalidOfNow @i5possible @billyz9611 @0x8f701 @jefmono